Sample Neutron FWaaS Policy File

The following is a sample neutron-fwaas policy file for adaptation and use.

The sample policy can also be viewed in file form.

Important

The sample policy file is auto-generated from neutron-fwaas when this documentation is built. You must ensure your version of neutron-fwaas matches the version of this documentation.

# Definition of shared firewall groups
#"shared_firewall_groups": "field:firewall_groups:shared=True"

# Create a firewall group
# POST  /fwaas/firewall_groups
#"create_firewall_group": "rule:regular_user"

# Update a firewall group
# PUT  /fwaas/firewall_groups/{id}
#"update_firewall_group": "rule:admin_or_owner"

# Delete a firewall group
# DELETE  /fwaas/firewall_groups/{id}
#"delete_firewall_group": "rule:admin_or_owner"

# Create a shared firewall group
# POST  /fwaas/firewall_groups
#"create_firewall_group:shared": "rule:admin_only"

# Update ``shared`` attribute of a firewall group
# PUT  /fwaas/firewall_groups/{id}
#"update_firewall_group:shared": "rule:admin_only"

# Delete a shared firewall group
# DELETE  /fwaas/firewall_groups/{id}
#"delete_firewall_group:shared": "rule:admin_only"

# Get firewall groups
# GET  /fwaas/firewall_groups
# GET  /fwaas/firewall_groups/{id}
#"get_firewall_group": "rule:admin_or_owner or rule:shared_firewall_groups"

# Definition of shared firewall policies
#"shared_firewall_policies": "field:firewall_policies:shared=True"

# Create a firewall policy
# POST  /fwaas/firewall_policies
#"create_firewall_policy": "rule:regular_user"

# Update a firewall policy
# PUT  /fwaas/firewall_policies/{id}
#"update_firewall_policy": "rule:admin_or_owner"

# Delete a firewall policy
# DELETE  /fwaas/firewall_policies/{id}
#"delete_firewall_policy": "rule:admin_or_owner"

# Create a shared firewall policy
# POST  /fwaas/firewall_policies
#"create_firewall_policy:shared": "rule:admin_only"

# Update ``shared`` attribute of a firewall policy
# PUT  /fwaas/firewall_policies/{id}
#"update_firewall_policy:shared": "rule:admin_only"

# Delete a shread firewall policy
# DELETE  /fwaas/firewall_policies/{id}
#"delete_firewall_policy:shared": "rule:admin_only"

# Get firewall policies
# GET  /fwaas/firewall_policies
# GET  /fwaas/firewall_policies/{id}
#"get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies"

# Definition of shared firewall rules
#"shared_firewall_rules": "field:firewall_rules:shared=True"

# Create a firewall rule
# POST  /fwaas/firewall_rules
#"create_firewall_rule": "rule:regular_user"

# Update a firewall rule
# PUT  /fwaas/firewall_rules/{id}
#"update_firewall_rule": "rule:admin_or_owner"

# Delete a firewall rule
# DELETE  /fwaas/firewall_rules/{id}
#"delete_firewall_rule": "rule:admin_or_owner"

# Create a shared firewall rule
# POST  /fwaas/firewall_rules
#"create_firewall_rule:shared": "rule:admin_only"

# Update ``shared`` attribute of a firewall rule
# PUT  /fwaas/firewall_rules/{id}
#"update_firewall_rule:shared": "rule:admin_only"

# Delete a shread firewall rule
# DELETE  /fwaas/firewall_rules/{id}
#"delete_firewall_rule:shared": "rule:admin_only"

# Get firewall rules
# GET  /fwaas/firewall_rules
# GET  /fwaas/firewall_rules/{id}
#"get_firewall_rule": "rule:admin_or_owner or rule:shared_firewall_rules"

# Insert rule into a firewall policy
# PUT  /fwaas/firewall_policies/{id}/insert_rule
#"insert_rule": "rule:admin_or_owner"

# Remove rule from a firewall policy
# PUT  /fwaas/firewall_policies/{id}/remove_rule
#"remove_rule": "rule:admin_or_owner"